Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-28 14:52:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-1356: Fix broken tests.

Browse Source 
Test cookies now require that the path be set in order for them to be recognised for auto-login purposes..
This commit is contained in:
Luke Taylor 2010-01-12 01:32:02 +00:00
parent 6eff4d90b7
commit f62d97b092
2 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
View File

@ -249,7 +249,7 @@ public class AbstractRememberMeServicesTests {
MockRememberMeServices services = new MockRememberMeServices(); MockRememberMeServices services = new MockRememberMeServices();
Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
services.encodeCookie(StringUtils.delimitedListToStringArray(cookieToken, ":"))); services.encodeCookie(StringUtils.delimitedListToStringArray(cookieToken, ":")));
cookie.setPath("/");
return new Cookie[] {cookie}; return new Cookie[] {cookie};
} }

25
web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java
View File

@ -109,6 +109,7 @@ public class TokenBasedRememberMeServicesTests {
@Test @Test
public void autoLoginIgnoresUnrelatedCookie() throws Exception { public void autoLoginIgnoresUnrelatedCookie() throws Exception {
Cookie cookie = new Cookie("unrelated_cookie", "foobar"); Cookie cookie = new Cookie("unrelated_cookie", "foobar");
cookie.setPath("/");
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setCookies(new Cookie[] {cookie}); request.setCookies(new Cookie[] {cookie});
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
@ -119,10 +120,27 @@ public class TokenBasedRememberMeServicesTests {
assertNull(response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)); assertNull(response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY));
} }
// SEC-1356
@Test
public void autoLoginIgnoresCookieWithWrongPath() throws Exception {
Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, "foobar");
cookie.setPath("/");
MockHttpServletRequest request = new MockHttpServletRequest();
request.setContextPath("not_root");
request.setCookies(new Cookie[] {cookie});
MockHttpServletResponse response = new MockHttpServletResponse();
Authentication result = services.autoLogin(request, response);
assertNull(result);
assertNull(response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY));
}
@Test @Test
public void autoLoginReturnsNullForExpiredCookieAndClearsCookie() throws Exception { public void autoLoginReturnsNullForExpiredCookieAndClearsCookie() throws Exception {
Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
generateCorrectCookieContentForToken(System.currentTimeMillis() - 1000000, "someone", "password", "key")); generateCorrectCookieContentForToken(System.currentTimeMillis() - 1000000, "someone", "password", "key"));
cookie.setPath("/");
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setCookies(new Cookie[] {cookie}); request.setCookies(new Cookie[] {cookie});
@ -138,6 +156,7 @@ public class TokenBasedRememberMeServicesTests {
public void autoLoginReturnsNullAndClearsCookieIfMissingThreeTokensInCookieValue() throws Exception { public void autoLoginReturnsNullAndClearsCookieIfMissingThreeTokensInCookieValue() throws Exception {
Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
new String(Base64.encodeBase64("x".getBytes()))); new String(Base64.encodeBase64("x".getBytes())));
cookie.setPath("/");
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setCookies(new Cookie[] {cookie}); request.setCookies(new Cookie[] {cookie});
@ -153,6 +172,7 @@ public class TokenBasedRememberMeServicesTests {
public void autoLoginClearsNonBase64EncodedCookie() throws Exception { public void autoLoginClearsNonBase64EncodedCookie() throws Exception {
Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
"NOT_BASE_64_ENCODED"); "NOT_BASE_64_ENCODED");
cookie.setPath("/");
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setCookies(new Cookie[] {cookie}); request.setCookies(new Cookie[] {cookie});
@ -170,6 +190,7 @@ public class TokenBasedRememberMeServicesTests {
Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password", generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password",
"WRONG_KEY")); "WRONG_KEY"));
cookie.setPath("/");
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setCookies(new Cookie[] {cookie}); request.setCookies(new Cookie[] {cookie});
@ -186,6 +207,8 @@ public class TokenBasedRememberMeServicesTests {
public void autoLoginClearsCookieIfTokenDoesNotContainANumberInCookieValue() throws Exception { public void autoLoginClearsCookieIfTokenDoesNotContainANumberInCookieValue() throws Exception {
Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
new String(Base64.encodeBase64("username:NOT_A_NUMBER:signature".getBytes()))); new String(Base64.encodeBase64("username:NOT_A_NUMBER:signature".getBytes())));
cookie.setPath("/");
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setCookies(new Cookie[] {cookie}); request.setCookies(new Cookie[] {cookie});
@ -202,6 +225,7 @@ public class TokenBasedRememberMeServicesTests {
jmock.checking(udsWillThrowNotFound); jmock.checking(udsWillThrowNotFound);
Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password", "key")); generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password", "key"));
cookie.setPath("/");
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setCookies(new Cookie[] {cookie}); request.setCookies(new Cookie[] {cookie});
@ -219,6 +243,7 @@ public class TokenBasedRememberMeServicesTests {
jmock.checking(udsWillReturnUser); jmock.checking(udsWillReturnUser);
Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password", "key")); generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password", "key"));
cookie.setPath("/");
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setCookies(new Cookie[] {cookie}); request.setCookies(new Cookie[] {cookie});